jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
e1ded76c1908bf1d011d392ba649cdb7d508240f
danbooru/test/unit/post_disapproval_test.rb
r888888888 abce4d2551 Raise error on unpermitted params. 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
2018-04-06 18:09:57 -07:00

96 lines
3.0 KiB
Ruby
Raw Blame History

require 'test_helper'
class PostDisapprovalTest < ActiveSupport::TestCase
context "In all cases" do
setup do
@alice = FactoryBot.create(:moderator_user)
CurrentUser.user = @alice
CurrentUser.ip_addr = "127.0.0.1"
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
end
context "A post disapproval" do
setup do
@post_1 = FactoryBot.create(:post, :is_pending => true)
@post_2 = FactoryBot.create(:post, :is_pending => true)
end
context "made by alice" do
setup do
@disapproval = PostDisapproval.create(:user => @alice, :post => @post_1)
end
context "when the current user is alice" do
setup do
CurrentUser.user = @alice
end
should "remove the associated post from alice's moderation queue" do
assert(!Post.available_for_moderation(false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(false).map(&:id).include?(@post_2.id))
end
end
context "when the current user is brittony" do
setup do
@brittony = FactoryBot.create(:moderator_user)
CurrentUser.user = @brittony
end
should "not remove the associated post from brittony's moderation queue" do
assert(Post.available_for_moderation(false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(false).map(&:id).include?(@post_2.id))
end
end
end
context "for a post that has been approved" do
setup do
@post = FactoryBot.create(:post)
@user = FactoryBot.create(:user)
Timecop.travel(2.months.ago) do
@disapproval = PostDisapproval.create(:user => @user, :post => @post)
end
end
should "be pruned" do
assert_difference("PostDisapproval.count", -1) do
PostDisapproval.prune!
end
end
end
context "when sending dmails" do
setup do
@uploaders = FactoryBot.create_list(:user, 2)
@disapprovers = FactoryBot.create_list(:mod_user, 2)
# 2 uploaders, with 2 uploads each, and 2 disapprovals on each upload.
@uploaders.each do |uploader|
FactoryBot.create_list(:post, 2, uploader: uploader).each do |post|
FactoryBot.create(:post_disapproval, post: post, user: @disapprovers[0])
FactoryBot.create(:post_disapproval, post: post, user: @disapprovers[1])
end
end
end
should "dmail the uploaders" do
bot = FactoryBot.create(:user)
User.stubs(:system).returns(bot)
assert_difference(["@uploaders[0].dmails.count", "@uploaders[1].dmails.count"], 1) do
PostDisapproval.dmail_messages!
end
assert(@uploaders[0].dmails.exists?(from: bot, to: @uploaders[0]))
assert(@uploaders[1].dmails.exists?(from: bot, to: @uploaders[1]))
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink